On 03/11/2012 09:53 AM, Ted Lemon wrote:
> On Mar 11, 2012, at 8:02 AM, Ralph Droms <[email protected]> wrote:
>> This point is what I was trying to get at with my second bullet.
>> Ted, who is the "you" in the "where you connected": the homenet, the
>> device, ???
>
> IOW, when a device is configured locally, how does that configuration
> propagate through the homenet gateway to the real world, when the
> gateway isn't necessarily connected when the device configures?
>
> My preferred answer is that the homenet gateway is authoritative for
> the zone that's being updated, and can process updates even when
> disconnected. I realize that MDNS-style solutions are in some sense
> easier, but they don't give you a consistent name, so you wind up with
> the search list problem Ray is talking about.
That's exactly what we're trying to achieve with CeroWrt, with its use
of Bind (with both interior and exterior views). (See bind as a placeholder
for "real fully featured DNS server" if you have some other favourite;
it's just that dnsmasq can't support this kind of vision at the moment).
Again, "running code" rather than assertion is what we'd like here, though
I think we're far enough along to be able to claim this is feasible and
desirable. I see/hope that mDNS and UPnP become legacy protocols in the
long run; as I said in my previous mail on this topic, I am always
concerned that there are transition strategies that really work.
>
> Of course, in this scenario, if the homenet is disconnected, a roaming
> device would be unable to update it until it reconnected. I think
> this is probably okay.
As do I...
>
> I realize this is a bit more heavyweight than what some people have
> been talking about, and I'm not claiming they're wrong and I'm right;
> I'm just saying that this is how I would want my homenet to work, and
> I think it ties into the idea of end-to-end functionality for
> homenets, both internally and externally.
>
Exactly. Care to help with the final piece of the CeroWrt demonstration
of this? What's needed are two things:
1) some DHCP handshake with the upstream ISP to provide the domain keys
so that the domain can be delegated and the home router becomes
authoritative for the delegated domain.
2) GUI work so that if the user has a domain of their own (or
the ISP does not/is incapable of delegation), you can get it hooked up
with your DNS provider; while we have bind all running fine, the GUI
work for configuring bind has lagged (I've been intending to do it, but
have been somewhat ill of late). Right now, the CeroWrt GUI is still for
configuring dnsmasq, which we don't use.
I think there is an interesting question of whether interior *names*
should be automatically published into the global DNS by default or
not, which will depend on the security of the devices and systems and
the users' expertise, if only to make it a bit harder for attackers to
discover interior systems to attack (since with IPv6 finding them by
brute force address space search is relatively hard).
I suspect that it should default to "off", myself, if only because I
know I have boxes in my house that the vendors seldom if ever update the
firmware for, and I don't want them exposed. Clearly, we have the
reality of many insecure devices mouldering in home environments, and
can't ignore this problem.
Jim
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
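[Editor's added example, not CeroWrt's configuration and not part of the
original thread.] The split-view BIND setup Jim describes, with the
"publish interior names by default: off" policy argued for at the end of
his mail, looks roughly like the following BIND 9 named.conf sketch.
Interior clients see every name and may send TSIG-authenticated dynamic
updates; everyone else is served a separate zone file that lists only the
names the user has explicitly chosen to expose. The domain
home.example.net, the 10.0.0.0/8 and fd00:1234:5678::/48 ranges, the
file paths and the key name are placeholders chosen for illustration.

```conf
// Added example (not CeroWrt's own named.conf). All names, prefixes and
// paths below are placeholders.

acl "interior" {
    127.0.0.0/8;
    ::1/128;
    10.0.0.0/8;              // placeholder interior IPv4 range
    fd00:1234:5678::/48;     // placeholder interior ULA prefix
};

// TSIG key used by DHCP/devices for dynamic updates. Generate the real
// secret out of band (e.g. with tsig-keygen); never reuse this literal.
key "homenet-update" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-BASE64-SECRET";
};

options {
    listen-on { any; };
    listen-on-v6 { any; };
    allow-transfer { none; };   // no zone walking of either view via AXFR
};

// Interior view: every host is visible, updates are accepted only with
// the TSIG key and only for names under the zone, recursion is offered.
view "interior" {
    match-clients { "interior"; };
    recursion yes;
    zone "home.example.net" {
        type master;
        file "/var/lib/bind/home.example.net.interior";
        update-policy { grant homenet-update zonesub ANY; };
    };
};

// Exterior view: what the rest of the Internet sees. No recursion, no
// dynamic updates, and a separate zone file that by default carries only
// the router itself; interior names appear here only when the user opts
// a device in, which is the "default off" publishing policy.
view "exterior" {
    match-clients { any; };
    recursion no;
    zone "home.example.net" {
        type master;
        file "/var/lib/bind/home.example.net.exterior";
        allow-update { none; };
    };
};
```

Because views are matched in order, the interior ACL must precede the
catch-all exterior view, and a dynamic update that reaches the exterior
view (for instance from a roaming device outside the home) is refused
rather than silently creating a public record.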